creamlon-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs embedding complete secret values verbatim in CLI arguments (e.g., --credential "crv1_..." and using --token), which requires the LLM to handle/output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The required runtime workflow uses npx --yes creamlon@0.7.0 discover/inspect/fetch-proof/watch which fetches and ingests public GitHub Issue/comment/proof text from an outsider-authored repository (e.g., other users’ Issues and comments) into the agent’s LLM context for inspection/verification.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly instructs running "npx --yes creamlon@0.7.0", which causes npx to fetch and execute remote code from the npm registry (e.g. https://registry.npmjs.org/creamlon) at runtime and is required for the described workflows.